
Recommendations

FIO00-A. Validate deserialized objects

FIO01-A. Canonicalize path names originating from untrusted sources

FIO02-A. Use Runtime.exec() correctly

FIO03-A. Prevent exceptions while logging data

FIO04-A. Understand the limitations of the logging framework

FIO05-A. Document character encoding while performing file IO

Rules

FIO30-C. Validate user input

FIO31-C. Create a copy of mutable inputs

FIO32-C. Do not serialize sensitive data

FIO33-C. Do not allow serialization and deserialization to bypass the Security Manager

FIO34-C. Ensure all resources are properly closed when they are no longer needed

FIO35-C. Exclude user input from format strings

FIO36-C. Never hardcode sensitive information

FIO37-C. Do not assume infinite heap space when reading in data

Risk Assessment Summary

Recommendations

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
FIO00-A          low        unlikely     medium             P2         L3

Rules

Rule             Severity   Likelihood   Remediation Cost   Priority   Level
FIO30-C          low        unlikely     medium             P2         L3
